SMTP Smuggling: qpsmtpd seems to be not affected #317

@wornet-aer

After reading about the current SMTP Smuggling issue, I was very curious whether qpsmtpd is also vulnerable.
So I tried to exploit this issue using smtpsmug.

Result:
qpsmtpd correctly handled all my exploit probes and returned `421 See http://smtpd.develooper.com/barelf.html` or `451 Incomplete DATA`.

However there is one case that may have room for improvement:
qpsmtpd currently also accepts `\n.\r\n` as an end-of-data command, instead of `\r\n.\r\n` as specified in the RFC.
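
The following Python is an added example, not part of the original issue and not qpsmtpd code. It compares where a strict parser (only `\r\n.\r\n`) and a lenient one (also `\n.\r\n`, the case reported above) consider DATA to end, and flags input on which they disagree. All names and the sample byte strings are constructed for illustration.

```python
import re

# RFC 5321 end-of-data: <CRLF>.<CRLF> only.
STRICT_EOD = re.compile(rb"\r\n\.\r\n")
# Lenient variant from the issue: a bare LF before the dot is also accepted.
LENIENT_EOD = re.compile(rb"\r?\n\.\r\n")
# A line feed that is not preceded by a carriage return.
BARE_LF = re.compile(rb"(?<!\r)\n")


def split_data(stream: bytes, eod: re.Pattern):
    """Return (body, leftover) as a parser using `eod` would see the stream.

    body is None when no terminator is found (DATA is incomplete).
    """
    match = eod.search(stream)
    if match is None:
        return None, stream
    return stream[:match.start()], stream[match.end():]


def audit(stream: bytes) -> dict:
    """Compare both parsers on one DATA stream and report any disagreement."""
    strict_body, strict_left = split_data(stream, STRICT_EOD)
    lenient_body, lenient_left = split_data(stream, LENIENT_EOD)
    return {
        "bare_lf": BARE_LF.search(stream) is not None,
        "disagree": strict_body != lenient_body,
        "strict_leftover": strict_left,
        "lenient_leftover": lenient_left,
    }


# Constructed sample inputs (not captured traffic).
CONFORMING = b"Subject: hi\r\n\r\nbody\r\n.\r\n"
BARE_LF_DOT = b"Subject: hi\r\n\r\nbody\n.\r\nREST\r\n.\r\n"
TRUNCATED = b"Subject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, sample in [("conforming", CONFORMING),
                         ("bare-LF dot", BARE_LF_DOT),
                         ("truncated", TRUNCATED)]:
        print(name, audit(sample))
```

On the bare-LF sample the lenient parser ends the message early and treats the remaining bytes as input after DATA, while the strict parser keeps them inside the message body; that difference in message boundaries is what the `bare_lf` and `disagree` flags surface.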
